U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:o:ibm:aix:-:*:*:*:*:*:x86:*
  • CPE Name Search: true
There are 332 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2023-47141

IIBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 270264.

Published: January 22, 2024; 4:15:09 PM -0500
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2023-47747

IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 272646.

Published: January 22, 2024; 3:15:47 PM -0500
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2023-47158

IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1 and 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 270750.

Published: January 22, 2024; 3:15:47 PM -0500
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2023-47152

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an insecure cryptographic algorithm and to information disclosure in stack trace under exceptional conditions. IBM X-Force ID: 270730.

Published: January 22, 2024; 3:15:46 PM -0500
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2023-27859

IBM Db2 10.1, 10.5, and 11.1 could allow a remote user to execute arbitrary code caused by installing like named jar files across multiple databases. A user could exploit this by installing a malicious jar file that overwrites the existing like named jar file in another database. IBM X-Force ID: 249205.

Published: January 22, 2024; 3:15:46 PM -0500
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2023-50308

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 under certain circumstances could allow an authenticated user to the database to cause a denial of service when a statement is run on columnar tables. IBM X-Force ID: 273393.

Published: January 22, 2024; 2:15:09 PM -0500
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2023-47746

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 272644.

Published: January 22, 2024; 2:15:08 PM -0500
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2023-45193

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. IBM X-Force ID: 268759.

Published: January 22, 2024; 2:15:08 PM -0500
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2023-35020

IBM Sterling Control Center 6.3.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 257874.

Published: January 18, 2024; 8:15:08 PM -0500
V3.1: 5.3 MEDIUM
V2.0:(not available)
CVE-2023-47707

IBM Security Guardium Key Lifecycle Manager 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 271522.

Published: December 19, 2023; 9:15:44 PM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-47705

IBM Security Guardium Key Lifecycle Manager 4.3 could allow an authenticated user to manipulate username data due to improper input validation. IBM X-Force ID: 271228.

Published: December 19, 2023; 9:15:44 PM -0500
V3.1: 4.3 MEDIUM
V2.0:(not available)
CVE-2023-47703

IBM Security Guardium Key Lifecycle Manager 4.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 271197.

Published: December 19, 2023; 9:15:44 PM -0500
V3.1: 5.3 MEDIUM
V2.0:(not available)
CVE-2023-47702

IBM Security Guardium Key Lifecycle Manager 4.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view modify files on the system. IBM X-Force ID: 271196.

Published: December 19, 2023; 9:15:43 PM -0500
V3.1: 9.1 CRITICAL
V2.0:(not available)
CVE-2023-47706

IBM Security Guardium Key Lifecycle Manager 4.3 could allow an authenticated user to upload files of a dangerous file type. IBM X-Force ID: 271341.

Published: December 19, 2023; 8:15:07 PM -0500
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2023-47704

IBM Security Guardium Key Lifecycle Manager 4.3 contains plain text hard-coded credentials or other secrets in source code repository. IBM X-Force ID: 271220.

Published: December 19, 2023; 8:15:07 PM -0500
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2023-46174

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 269506.

Published: December 01, 2023; 4:15:08 PM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-43021

IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 266167.

Published: December 01, 2023; 4:15:08 PM -0500
V3.1: 5.3 MEDIUM
V2.0:(not available)
CVE-2023-42022

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 265938.

Published: December 01, 2023; 4:15:08 PM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-42019

IBM InfoSphere Information Server 11.7 could allow a remote attacker to cause a denial of service due to improper input validation. IBM X-Force ID: 265161.

Published: December 01, 2023; 4:15:08 PM -0500
V3.1: 5.9 MEDIUM
V2.0:(not available)
CVE-2023-42009

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 265504.

Published: December 01, 2023; 4:15:07 PM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)